derivations: Add #:leaked-env-vars parameter.

Suggested by Joshua Randall <jcrandall@alum.mit.edu>
in <http://bugs.gnu.org/20402>.

* guix/derivations.scm (derivation): Add #:leaked-env-vars parameter.
  [user+system-env-vars]: Honor it.
* guix/gexp.scm (gexp->derivation): Add #:leaked-env-vars and pass it to
  'raw-derivation'.
* doc/guix.texi (Derivations, G-Expressions): Adjust accordingly.
Ludovic Courtès 2015-04-30 23:51:44 +02:00
parent d17551d943
commit c04681554d
3 changed files with 22 additions and 2 deletions


@ -2187,7 +2187,7 @@ a derivation is the @code{derivation} procedure:
@var{args} [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @ @var{args} [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @
[#:recursive? #f] [#:inputs '()] [#:env-vars '()] @ [#:recursive? #f] [#:inputs '()] [#:env-vars '()] @
[#:system (%current-system)] [#:references-graphs #f] @ [#:system (%current-system)] [#:references-graphs #f] @
[#:allowed-references #f] [#:local-build? #f] [#:allowed-references #f] [#:leaked-env-vars #f] [#:local-build? #f]
Build a derivation with the given arguments, and return the resulting Build a derivation with the given arguments, and return the resulting
@code{<derivation>} object. @code{<derivation>} object.
@ -2206,6 +2206,13 @@ a simple text format.
When @var{allowed-references} is true, it must be a list of store items When @var{allowed-references} is true, it must be a list of store items
or outputs that the derivation's output may refer to. or outputs that the derivation's output may refer to.
When @var{leaked-env-vars} is true, it must be a list of strings
denoting environment variables that are allowed to ``leak'' from the
daemon's environment to the build environment. This is only applicable
to fixed-output derivations---i.e., when @var{hash} is true. The main
use is to allow variables such as @code{http_proxy} to be passed to
derivations that download files.
When @var{local-build?} is true, declare that the derivation is not a When @var{local-build?} is true, declare that the derivation is not a
good candidate for offloading and should rather be built locally good candidate for offloading and should rather be built locally
(@pxref{Daemon Offload Setup}). This is the case for small derivations (@pxref{Daemon Offload Setup}). This is the case for small derivations
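Review bot: the new paragraph says the parameter is "only applicable to fixed-output derivations" but does not say why, nor what happens when it is combined with a non-fixed-output derivation; suggest adding a sentence that the restriction exists because a fixed-output derivation's result is checked against @var{hash}, so values leaked from the daemon's environment cannot silently change the output, and stating whether passing @var{leaked-env-vars} without @var{hash} is an error or is ignored.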
@ -2728,6 +2735,7 @@ information about monads.)
[#:recursive? #f] [#:env-vars '()] [#:modules '()] @ [#:recursive? #f] [#:env-vars '()] [#:modules '()] @
[#:module-path @var{%load-path}] @ [#:module-path @var{%load-path}] @
[#:references-graphs #f] [#:allowed-references #f] @ [#:references-graphs #f] [#:allowed-references #f] @
[#:leaked-env-vars #f] @
[#:local-build? #f] [#:guile-for-build #f] [#:local-build? #f] [#:guile-for-build #f]
Return a derivation @var{name} that runs @var{exp} (a gexp) with Return a derivation @var{name} that runs @var{exp} (a gexp) with
@var{guile-for-build} (a derivation) on @var{system}. When @var{target} @var{guile-for-build} (a derivation) on @var{system}. When @var{target}


@ -692,7 +692,7 @@ HASH-ALGO, of the derivation NAME. RECURSIVE? has the same meaning as for
(inputs '()) (outputs '("out")) (inputs '()) (outputs '("out"))
hash hash-algo recursive? hash hash-algo recursive?
references-graphs allowed-references references-graphs allowed-references
local-build?) leaked-env-vars local-build?)
"Build a derivation with the given arguments, and return the resulting "Build a derivation with the given arguments, and return the resulting
<derivation> object. When HASH and HASH-ALGO are given, a <derivation> object. When HASH and HASH-ALGO are given, a
fixed-output derivation is created---i.e., one whose result is known in fixed-output derivation is created---i.e., one whose result is known in
@ -707,6 +707,12 @@ the build environment in the corresponding file, in a simple text format.
When ALLOWED-REFERENCES is true, it must be a list of store items or outputs When ALLOWED-REFERENCES is true, it must be a list of store items or outputs
that the derivation's output may refer to. that the derivation's output may refer to.
When LEAKED-ENV-VARS is true, it must be a list of strings denoting
environment variables that are allowed to \"leak\" from the daemon's
environment to the build environment. This is only applicable to fixed-output
derivations--i.e., when HASH is true. The main use is to allow variables such
as \"http_proxy\" to be passed to derivations that download files.
When LOCAL-BUILD? is true, declare that the derivation is not a good candidate When LOCAL-BUILD? is true, declare that the derivation is not a good candidate
for offloading and should rather be built locally. This is the case for small for offloading and should rather be built locally. This is the case for small
derivations where the costs of data transfers would outweigh the benefits." derivations where the costs of data transfers would outweigh the benefits."
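Review bot: minor style inconsistency in the added docstring text: "derivations--i.e., when HASH is true" uses a double hyphen, while the same docstring already writes "fixed-output derivation is created---i.e." a few lines above; suggest using "---" in both places.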
@ -751,6 +757,10 @@ derivations where the costs of data transfers would outweigh the benefits."
`(("allowedReferences" `(("allowedReferences"
. ,(string-join allowed-references))) . ,(string-join allowed-references)))
'()) '())
,@(if leaked-env-vars
`(("impureEnvVars"
. ,(string-join leaked-env-vars)))
'())
,@env-vars))) ,@env-vars)))
(match references-graphs (match references-graphs
(((file . path) ...) (((file . path) ...)
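Review bot: the `,@(if leaked-env-vars ...)` clause emits the "impureEnvVars" attribute whenever the list is non-empty, with no check that HASH is set, even though the docstring added in the previous hunk says the parameter is only applicable to fixed-output derivations; suggest either signalling an error when `leaked-env-vars` is given and `hash` is `#f`, or documenting that the attribute is silently ignored in that case. As with "allowedReferences", `string-join` uses a single space as separator, which is fine for environment variable names but worth a short comment since the daemon-side attribute format is otherwise undocumented here.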


@ -282,6 +282,7 @@ names and file names suitable for the #:allowed-references argument to
(graft? (%graft?)) (graft? (%graft?))
references-graphs references-graphs
allowed-references allowed-references
leaked-env-vars
local-build?) local-build?)
"Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a "Return a derivation NAME that runs EXP (a gexp) with GUILE-FOR-BUILD (a
derivation) on SYSTEM. When TARGET is true, it is used as the derivation) on SYSTEM. When TARGET is true, it is used as the
@ -400,6 +401,7 @@ The other arguments are as for 'derivation'."
#:hash hash #:hash-algo hash-algo #:recursive? recursive? #:hash hash #:hash-algo hash-algo #:recursive? recursive?
#:references-graphs (and=> graphs graphs-file-names) #:references-graphs (and=> graphs graphs-file-names)
#:allowed-references allowed #:allowed-references allowed
#:leaked-env-vars leaked-env-vars
#:local-build? local-build?)))) #:local-build? local-build?))))
(define* (gexp-inputs exp #:key native?) (define* (gexp-inputs exp #:key native?)